how to hack discord, vercel and more with one easy trick

74 points by ezri


polywolf

whoa those are pretty big vulns. good on mintlify for the quick patches, bad on them for having such vulns in the first place. "sandbox user-submitted code/assets" should be table stakes

sjamaan

Jesus, what a total amateur hour. Also shows how careful you should be about outsourcing anything to external companies, especially somewhat “unproven” ones.

chloe

What's funny is this isn't even the first time Mintlify had a security incident. This was around 4 months ago:

[1] https://tasky.uwu.network/posts/fantome/

[2] https://basil.cafe/posts/fantome/

rplacy

lol, this is the same person who found aws access keys in a16z HTML a few months ago https://kibty.town/blog/a16z/

viktor-tech

I was so happy to explore this website and all friends, feels like old internet